Hoping someone has a little more experience with iptables than I - shouldn't be too hard.

I am just wondering if anyone can confirm whether or not the --dports option only works in some contexts or whether it can be used in place of the usual --dport option as a valid way to consolidate many rules into single multi-port rules.

--dports is just that, multiple ports in a single rule, or am I not understanding your question?

04-21-2012

johnnygear

Quote:

Originally Posted by Lazydog

--dports is just that, multiple ports in a single rule, or am I not understanding your question?

Yes, I am asking if that is in fact the case.

I have read through the iptables man page but it is not explicit about the context of --dports as far as I am concerned.

Furthermore, the only place I can find reference to --dports being used, it is being used with a -m multiport option; please see the rule I am referencing below:
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

Could you confirm whether my rule will work as it is, or would I need to change it and add the -m multiport option? (my rule is listed below)
iptables -A INPUT -p tcp -m tcp --dports 135,137,138,139 -m recent --name portscan --set -j DROP

Thanks for your help,

Johnny

04-22-2012

johnnygear

Quote:

Originally Posted by johnnygear

Yes, I am asking if that is in fact the case.

I have read through the iptables man page but it is not explicit about the context of --dports as far as I am concerned.

Furthermore, the only place I can find reference to --dports being used, it is being used with a -m multiport option; please see the rule I am referencing below:
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

Could you confirm whether my rule will work as it is, or would I need to change it and add the -m multiport option? (my rule is listed below)
iptables -A INPUT -p tcp -m tcp --dports 135,137,138,139 -m recent --name portscan --set -j DROP

Thanks for your help,

Johnny

After doing some further reading I have come to the conclusion that the right way to construct a multi port rule such as mine is as follows: